Robert Newson created COUCHDB-2821:
--------------------------------------
Summary: Prevent crash if user creates a database with a very long name
Key: COUCHDB-2821
URL: https://issues.apache.org/jira/browse/COUCHDB-2821
Project: CouchDB
Issue Type: Improvement
Security Level: public (Regular issues)
Reporter: Robert Newson

In CouchDB before 2.0 a database create request would cleanly fail if the
constructed filename for the database was too long for the underlying
filesystem.

In 2.0, the act of creating shard files and saving the shard map to the 'dbs'
database happens concurrently. The latter will succeed even if the shard file
creations fail, even if the reason for failure is fatal. CouchDB will also try
to create these files if they are missing when queried. It is easy for the
severity and frequency of those errors to take down the supervision tree.

Guard against this by enhancing the database name validation function to reject
names where any path segment exceeds 128 characters. Almost all filesystems can
handle file and directory names of 255 characters at least, but we constrain
ourselves to half of this to allow room for system overhead (we already add a
timestamp, for example).

By 'path segment', I mean that 'foo/bar/baz' has three segments. When
translated to disk, there will be a baz.couch file in the bar directory which
is in the foo directory. We can be less aggressive than applying a maximum
database name length; it is sufficient for each part to be under the limit. For
exotic cases where names above 128 characters are desired, the use of multiple
path segments could serve as a useful workaround.
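
The per-segment check proposed in the issue, sketched in Python as an added example; it is not CouchDB's own Erlang code. The function names, the character-set regex and the length of the suffix appended to the shard file name are assumptions made for illustration.

```python
import re

MAX_SEGMENT_LEN = 128  # per-segment limit proposed in the issue
FS_NAME_MAX = 255      # per-component filesystem limit cited in the issue
# Assumed shape of the suffix added on disk: ".<10-digit timestamp>.couch"
SHARD_SUFFIX_LEN = len(".1440000000.couch")

# Assumption: legal names start with a lowercase letter, followed by
# lowercase letters, digits and the characters _ $ ( ) + - /
DBNAME_RE = re.compile(r"^[a-z][a-z0-9_$()+/-]*$")


def validate_dbname(name):
    """Return (ok, reason); reject any path segment over MAX_SEGMENT_LEN."""
    if not DBNAME_RE.match(name):
        return False, "illegal characters in database name"
    for index, segment in enumerate(name.split("/")):
        if len(segment) > MAX_SEGMENT_LEN:
            return False, "segment %d is %d characters (max %d)" % (
                index, len(segment), MAX_SEGMENT_LEN)
    return True, "ok"


def longest_disk_component(name):
    """Longest single file or directory name the database needs on disk."""
    segments = name.split("/")
    dir_lengths = [len(s) for s in segments[:-1]]
    file_length = len(segments[-1]) + SHARD_SUFFIX_LEN
    return max(dir_lengths + [file_length])


if __name__ == "__main__":
    # Constructed sample names, not taken from the issue.
    samples = [
        "a" * 128,                    # exactly at the limit: accepted
        "a" * 129,                    # one over: rejected before any file I/O
        "a" * 100 + "/" + "b" * 100,  # 201 characters total, each segment legal
        "logs/" + "x" * 300,          # second segment too long
    ]
    for name in samples:
        ok, reason = validate_dbname(name)
        print("%3d chars  ok=%-5s %s" % (len(name), ok, reason))
        if ok:
            assert longest_disk_component(name) <= FS_NAME_MAX
```

Because the check runs on the name alone, a request is refused before the shard map is written, which is the ordering the issue asks for.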